
ICO Investors Lose All Their Money After Reading a Whitepaper Encoded with Viruses

An ICO investor reported on June 29 that he fell victim to a scam in which he was led to believe a startup was running an ICO project. Alex said he received a zip file with detailed information about the project and found that his 80,000 yuan worth of ETH had disappeared the next day.

The conman, whose QQ number is 45295299, added Alex this Thursday, claiming that he was working on an ICO project and wished Alex to help check the whitepaper.

He said something nice about Alex and asked him to support his project. The criminal promised Alex that if everything worked out fine, he could get some kickback.

Alex took the bait. He received a zip file detailing everything he needed to know about the project.

When he was about to give some feedback on the whitepaper this morning, he was shocked to find that he had lost 80,000 yuan worth of ETH.

The worst is yet to come. Alex searched the QQ number on Baidu and realized that the crook had been asking questions about how to bypass an antivirus on several hacker forums.

An antivirus detects malware in two main ways: signature-based detection and detection of suspicious behavior. Evading an antivirus involves a lot of encoding work. You can learn more about it at http://www.secmaniac.com/blog/2010/02/24/set-v0-4-1-rise-of-the-pink-pirate/

When Alex shared his story in an ICO group, he was surprised to hear that he was not the only victim. Some investors lost 180,000 yuan and some at least 1 million yuan. Now Alex has reported it to the police.

These victims all received an ICO file and the antivirus failed to detect some malware in it.

They read the whitepaper all night long in hopes of giving some useful advice and expected to get some rewards. But there is no such thing as “Read my whitepaper, I’ll pay you.”

Tan Guopeng, founder of bitbill, said this morning that one of his colleagues lost all of his cryptocurrencies. He has been using imToken wallet and his assets were transferred last night without his knowledge. He is now talking with the company to see if there is any way to get his assets back.

I have been living two lives. In one life, I am a news editor of 8btc. I translate news, interview bitcoiners and miners. In the other life, I am an AI bot programmed to .......Forget it! Who is gonna buy this BS! I'm just me, Cindy, nobody else.

COMMENTS(17)

2 years ago BitcoinAllBot

Here is the link to the original comment thread. Or you can comment here to start a discussion. Author: 8btccom

But there is no such thing as “Read my whitepaper, I’ll pay you.”

AKA, the 0th Law of Economics: There is no such thing as a free lunch.

It is kind of disappointing that they don’t get into any of the technical details of how the trojan worked and how it was able to re-send the victim’s ether so easily. Did all the victims just leave their private keys unencrypted on their computers, or what?

Edit: The thought just occurred to me that it would be funny if the author of the trojan ended up having used some of those leaked NSA 0-day exploits to pull off his heist.

Tan Guopeng, founder of bitbill, said this morning that one of his colleagues lost all of his cryptocurrencies. He has been using imToken wallet and his assets were transferred last night without his knowledge. He is now talking with the company to see if there is any way to get his assets back.

PDFs are notorious for carrying viruses, but at the same time it’s “the” ubiquitous document format that every noob has the software for. It’s a problem that needs a universal solution, really, or it just won’t work.

It could have been worse.
If it was a real ICO and he had invested his 80,000 yuan in ether in it and the ether price had shot up 1000% as a result, he would have lost up to 80,000,000 yuan worth of ether.

Ok he received an email and a zip file right. But what was in the zip file?

Did he click on any kind of executable file on the same computer he runs his wallet? Well then yes, the problem is not the whitepaper, it’s that the guy is technologically illiterate, and even if no one deserves to be scammed, taking charge for securing your assets when you know nothing about security is the problem.

I don’t use Windows. I recall reading that one of its “features” was that trying to open an executable file sent as an email attachment would auto-execute it, even if the file had a bogus extension like “.pdf” or “.zip” instead of “.exe”. Was that true? Is it still the case?

That one was an Outlook/Office exploit if I remember correctly, but there is also the fact that for many years now, Windows hides by default the file extensions, so most users these days have no concept of file extension so they click on anything thinking it’s all the same.
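
Added example, not part of the article or of any comment above: the page does not say what the zip contained, so this assumes the scenario the commenters raise (an executable behind a document-looking name) and checks an archive for it without extracting or opening any member. The function names, the sample archive and its file names are constructed for illustration.

```python
import io
import zipfile

# Magic bytes of native executables: Windows PE, Linux ELF, macOS Mach-O (64-bit).
EXEC_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF", b"\xcf\xfa\xed\xfe": "Mach-O"}
# Extensions that Windows runs on double-click.
RISKY_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse", "vbs", "wsf", "hta", "lnk"}
# Extensions a victim expects for a "whitepaper".
DOC_EXT = {"pdf", "doc", "docx", "txt", "rtf", "xls", "xlsx"}


def triage_zip(data: bytes) -> dict:
    """Return {member name: [findings]}; members are read in memory, never extracted."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            parts = name.lower().split(".")
            ext = parts[-1].strip() if len(parts) > 1 else ""
            findings = []
            with zf.open(info) as fh:
                head = fh.read(8)
            # Content says "executable" while the name says something else.
            for magic, kind in EXEC_MAGIC.items():
                if head.startswith(magic) and ext not in RISKY_EXT:
                    findings.append(f"{kind} content, but extension is '{ext}'")
            if ext in RISKY_EXT:
                findings.append(f"directly executable extension .{ext}")
                # With extensions hidden, "x.pdf.exe" is displayed as "x.pdf".
                if len(parts) > 2 and parts[-2].strip() in DOC_EXT:
                    findings.append("double extension hides as a document")
            if findings:
                report[info.filename] = findings
    return report


def build_sample() -> bytes:
    """Constructed sample archive; member contents are harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("whitepaper.pdf", b"%PDF-1.4\n% constructed\n")
        zf.writestr("whitepaper.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("token_model.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for member, notes in triage_zip(build_sample()).items():
        print(member, "->", "; ".join(notes))
```

A clean result only means no member is a native or script executable by name or header; it says nothing about a document that is itself malicious.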